The firmware running on the Schneider Modicon TM221CE16R (Firmware 1.3.3) has a hardcoded password. The bad news for users is that they a cannot change the password and there is no firmware update available to fix this issue. The password used to protect the applications can be easily retrieved by a remote unauthenticated user. An attacker can decrypt the file and take control over the device. The Password for the application protection of the Schneider. can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified.”]
Source: http://securityaffairs.co/wordpress/57723/hacking/schneider-modicon-tm221ce16r-flaw.html